Site-2-Site Tunnel drops problem.

Discussion in 'Cisco' started by TimParker, Apr 21, 2009.

  1. TimParker

    TimParker Guest

    Hello All.

    I have my Cisco ASA 5505 in our main office with a site-2-site to
    one of our remote offices with a Cisco 871 Router on the other end.
    Everything works great, but.....

    If the tunnel drops due to a timeout over the weekend when no one is
    using it, that is fine. When the remote office attempts to
    connect on Monday morning, it won't bring the tunnel back online, but
    if I just ping a device in the remote office from our Main HQ it comes
    right back up and everything is great.

    I thought that if the tunnel dropped either side should be able to
    bring it back online? I am guessing I have something configured wrong?
    There currently isn't a DC in the remote location, they log on locally
    to their machines and then Remote Desktop into the Main Office. It
    will have a DC eventually, but licensing/timing are causing some
    problems with completing that.

    Thoughts?

    TIA.

    Tim
     
    TimParker, Apr 21, 2009
    #1

  2. TimParker

    bod43 Guest

    On 21 Apr, 15:04, TimParker wrote:
    > Hello All.
    >
    > I have my Cisco ASA 5505 in our main office with a site-2-site to
    > one of our remote offices with a Cisco 871 Router on the other end.
    > Everything works great, but.....
    >
    > If the tunnel drops due to a timeout over the weekend when no one is
    > using it, that is fine. When the remote office attempts to
    > connect on Monday morning, it won't bring the tunnel back online, but
    > if I just ping a device in the remote office from our Main HQ it comes
    > right back up and everything is great.
    >
    > I thought that if the tunnel dropped either side should be able to
    > bring it back online? I am guessing I have something configured wrong?
    > There currently isn't a DC in the remote location, they log on locally
    > to their machines and then Remote Desktop into the Main Office. It
    > will have a DC eventually, but licensing/timing are causing some
    > problems with completing that.
    >
    > Thoughts?



    If the IPSEC is being NATted perhaps the NAT needs
    traffic in one specific direction to get itself going.

    Or the same with some kind of firewall inspection.

    I have seen your symptoms in cases where neither applied.
    Did not happen often and never did figure it out.

    I am pretty sure that one time I resorted to setting up
    a ping (or maybe NTP:) just to work around the problem.
     
    bod43, Apr 21, 2009
    #2

  3. TimParker

    alexd Guest

    bod43 wrote:

    > I am pretty sure that one time I resorted to setting up
    > a ping (or maybe NTP:) just to work around the problem.


    The OP could use an 'ip sla ...' to make sure there's always interesting
    traffic going on.

    --
    <http://ale.cx/> (AIM:troffasky)
    20:54:00 up 137 days, 22:04, 3 users, load average: 0.02, 0.04, 0.00
    My god, said I, with my one liquid eye, am I dreaming, or am I insane?
     
    alexd, Apr 21, 2009
    #3
  4. TimParker

    TimParker Guest

    Had a different ticket open with Cisco and got them to open a
    different one to take a quick look at this and apparently I had PFS on
    one side but not the other. Will be testing further in the
    morning.....


    On Apr 21, 3:54 pm, alexd wrote:
    > bod43 wrote:
    > > I am pretty sure that one time I resorted to setting up
    > > a ping (or maybe NTP:) just to work around the problem.

    >
    > The OP could use an 'ip sla ...' to make sure there's always interesting
    > traffic going on.
    >
    > --
    >  <http://ale.cx/> (AIM:troffasky)
    >  20:54:00 up 137 days, 22:04,  3 users,  load average: 0.02, 0.04, 0.00
    >  My god, said I, with my one liquid eye, am I dreaming, or am I insane?
     
    TimParker, Apr 22, 2009
    #4
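
The mismatch reported in post #4 (PFS set on one end of the tunnel but not the other) can be checked offline from the two device configs. The following is an added example, not code from the thread: it reads the `set pfs` line from an ASA-style and an IOS-style crypto map and compares them. The config excerpts, crypto map names and addresses are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample configs (not from the thread); names and IPs are placeholders.
ASA_CFG = """\
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs group2
crypto map outside_map 1 set peer 203.0.113.2
crypto map outside_map 1 set transform-set ESP-3DES-SHA
"""
IOS_CFG = """\
crypto map VPN_MAP 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set ESP-3DES-SHA
 match address 100
"""

def asa_entries(cfg):
    # ASA puts each setting on its own 'crypto map NAME SEQ set ...' line.
    entries = {}
    for name, seq, key, val in re.findall(
            r"^crypto map (\S+) (\d+) set (peer|pfs)[ \t]*(.*)$", cfg, re.M):
        # A bare 'set pfs' is recorded as a platform-default label for manual review.
        entries.setdefault((name, seq), {})[key] = val.split() or ["asa-default"]
    return list(entries.values())

def ios_entries(cfg):
    # IOS nests settings as indented lines under 'crypto map NAME SEQ ipsec-isakmp'.
    entries = []
    for body in re.findall(r"^crypto map \S+ \d+ ipsec-isakmp\n((?: .*\n?)*)", cfg, re.M):
        entry = {}
        for key, val in re.findall(r"^ set (peer|pfs)[ \t]*(.*)$", body, re.M):
            entry.setdefault(key, []).extend(val.split() or ["ios-default"])
        entries.append(entry)
    return entries

def pfs_toward(entries, peer_ip):
    # PFS group on the entry for peer_ip; None means PFS is not configured there.
    for e in entries:
        if peer_ip in e.get("peer", []):
            return e.get("pfs", [None])[0]
    raise LookupError(f"no crypto map entry for peer {peer_ip}")

def check_pfs(asa_cfg, ios_cfg, asa_ip, router_ip):
    asa = pfs_toward(asa_entries(asa_cfg), router_ip)
    ios = pfs_toward(ios_entries(ios_cfg), asa_ip)
    return {"asa": asa, "router": ios, "match": asa == ios}

if __name__ == "__main__":
    print(check_pfs(ASA_CFG, IOS_CFG, "198.51.100.1", "203.0.113.2"))
```
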
